Deliver a fail-safe system for train control and rail signalling

Deliver a fail-safe computing system

ControlSafe™ Platform consists of two redundant ControlSafe™ computers which both deliver fail-safe operations. They are linked, monitored, and controlled by a Safety Relay Box (SRB) which monitors the health of the two computers. Designating one as "active" which controls the I/O via a customer application, and the other as "standby" which runs the same application but with no ability to drive any output, the SRB controls fail-over operation to deliver a fail-safe system.

Meeting the highest industry safety standards

ControlSafe™ Platform meets all the functional safety, reliability, and availability requirements mandated by rail standards and specifications. All safety-related hardware is designed to be certified to EN50129 SIL4, software to EN50128 SIL4, and all reliability, availability, maintainability and safety processes to EN50126.

Best-in-class availability

The system delivers availability as high as 99.9999%, limiting downtime to less than a few seconds per year.

Future proof your system

ControlSafe™ Platform is modular, scalable, and designed to seamlessly accommodate additional I/O interfaces. A data lock-step architecture supports many modern CPUs and allows the processors to be upgraded over time while retaining the same I/O.

Seamless expansion

A variety of I/O modules provide an interface to a range of communication protocols including CAN, Ethernet, Ethernet Ring, UART and MVB. All modules are accessed over Ethernet, allowing for a seamless distributed architecture that allows for expansion via remote chassis.

Extended life cycle

ControlSafe™ Platform is designed with a 15 year planned product life and with 25 years of extended support and service. Application processing is carried out on a modern Freescale QorIQ™ processor, delivering high performance, energy-efficient processing and supporting the extended life required by rail equipment.

Maximise application software transparency

Featuring hardware with an implemented two-out-of-two voting mechanism, developers can easily migrate existing application software with minimal modification, and well-documented APIs provide easy access to monitor and control the system.

Easy upgrades and development options

All I/O modules support remote software and firmware upgrades without the risk of rendering the system inoperable, and all are based on a common Freescale CPU core architecture and Wind River VxWorks 653 operating system, allowing for simplified software development.